Services cloud computing, including newly introduced. that is necessary for education to local users, including anticipation of concerns about data security and privacy issues.
security and privacy factors into two of the four most important issues surrounding the implementation of Cloud Computing, in addition to the limitations of internet access problems and the existence of the data itself.
How to understand iCload (Cloud Computing)?
The data certainly is safer because there are rules which require that every cloud computing service providers to adhere to related regulations and rules. For example, ISO 27 002 which is standard on information security best practices that can also be used to assess the level of security in a Cloud Computing service provider.
In addition to concerns over the safety factor, privacy is also an issue of concern to Microsoft. "The era of social media is changing the habits of people in dealing with privacy. Privacy is very important in Cloud Computing, the desired level of privacy because everyone is different. With data privacy capabilities, then each person can determine who is entitled to access or modify any information based on digital identification, ".
The main advantage of cloud computing is that we can rent computing capacity according to need. There is no need for us to buy and install a computer / server itself.
"Cloud computing is not the solution to all IT problems, but it is one component of a complete IT solution, which usually is a combination of cloud services coupled with the applications installed on the server's own,".
iCloud is not new technology, but it is a natural stage in the evolution of computing through several eras. Cloud computing is the embodiment of the democratization of technology, where technology is now affordable for anyone, because cloud computing services are available ranging from free to paid.
"If we subscribe to cloud computing is like we subscribe to clean water from Water Company, where we do not have to dig their own wells, a water pump and treat yourself, and pay for electricity. We simply take water in accordance with the needs and pay monthly dues to the Water company, ".
Security and Privacy Aspects of Cloud Computing
Before a company / organization benefit from cloud computing, there are several aspects relating to Security and Privacy below that must be considered:
1. Access Management and Identity, the identity can be obtained through some cloud service providers, and must be interoperable between different organizations, different cloud providers, and based on strong process.
Recommendation: Authentication is recommended to use several factors at once, such as biometrics, one time password tokens, ID card with a chip, and a password.
2. Risk Management and Compliance, organizations are starting to adopt the cloud still be responsible for aspects of security management, risk, and compliance with the rules applicable in the related industry. Risk and compliance management requires a strong internal team and the transparency of the process of cloud service providers.
Recommendation: cloud service providers have to use some or best practice frameworks such as MOF, or ITIL, and have certifications such as ISO / IEC 27001:2005, and publish the audit report to the SAS 70 Type II. In addition, according to provisions of a state, may also have to adhere to the PCI or FISMA.
3. Information protection, cloud services require a reliable process to protect the information before, during, and after the transaction. Take advantage of data classification to improve the control of the data is ready to be released into the clouds.
Recommendation: Use encryption technology and information rights management (IRM) prior to data released to the cloud
4. Integrity Service, cloud-based services must be built with a foundation of strong security, and operational processes must also be integrated with security management in the organization. The cloud service provider must follow the process that can be proven, well-defined, and clearly in integrating security and privacy in services ranging from the earliest point, at any point in the cycle, until the final. Besides security management and auditing must be aligned between cloud providers and customers.
Recommendation: Use such certification EAL4 + (for security evaluation), SDL (for application development), ISO / IEC 18 044 (for incident response).
5. Client Integrity, cloud services are used on the client side should pay attention to aspects of security, compliance, and integrity on the client side. Integrity client can be improved by using a combination of best practices.
Recommendation: Strengthen the desktop system, make sure the health of desktop systems, apply the appropriate IT policy, identity federation, Network Access Protection and so on.
